From 43fa235da354c8b53aa69ba745c1d398a758fcaf Mon Sep 17 00:00:00 2001
From: svncommit <devs@roundcube.net>
Date: Wed, 26 Oct 2005 05:42:19 -0400
Subject: [PATCH] 

---
 program/steps/mail/compose.inc |   36 ++++++++++++++----------------------
 1 files changed, 14 insertions(+), 22 deletions(-)

diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index 52b64d8..f707599 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -87,13 +87,11 @@
           $field_attrib[$attr] = $value;
     
       // get this user's identities
-      $sql_result = $DB->query(sprintf("SELECT identity_id, name, email
-                                        FROM   %s
-                                        WHERE  user_id=%d
-                                        AND    del!='1'
-                                        ORDER BY `default` DESC, name ASC",
-                                       get_table_name('identities'),
-                                       $_SESSION['user_id']));
+      $sql_result = $DB->query("SELECT identity_id, name, email
+                                FROM   ".get_table_name('identities')." WHERE  user_id=?
+                                AND    del<>'1'
+                                ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC",
+                                $_SESSION['user_id']);
                                    
       if ($DB->num_rows($sql_result))
         {        
@@ -123,14 +121,11 @@
       if (!empty($_GET['_to']) && preg_match('/[0-9]+,?/', $_GET['_to']))
         {
         $a_recipients = array();
-        $sql_result = $DB->query(sprintf("SELECT name, email
-                                          FROM   %s
-                                          WHERE  user_id=%d
-                                          AND    del!='1'
-                                          AND    contact_id IN (%s)",
-                                         get_table_name('contacts'),
-                                         $_SESSION['user_id'],
-                                         $_GET['_to']));
+        $sql_result = $DB->query("SELECT name, email
+                                  FROM ".get_table_name('contacts')." WHERE user_id=?
+                                  AND    del<>'1'
+                                  AND    contact_id IN (".$_GET['_to'].")",
+                                  $_SESSION['user_id']);
                                          
         while ($sql_arr = $DB->fetch_assoc($sql_result))
           $a_recipients[] = format_email_recipient($sql_arr['email'], $sql_arr['name']);
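Review bot: `$_GET['_to']` is still concatenated straight into the `IN (...)` list of the contacts query, and the guard on the `if` above it, `preg_match('/[0-9]+,?/', $_GET['_to'])`, is unanchored, so any value that merely contains a digit passes and reaches the SQL text unescaped. The commit moves `user_id` to a `?` placeholder but leaves this request parameter interpolated, so the query remains injectable. Anchor the pattern to the whole value, `preg_match('/^[0-9]+(,[0-9]+)*$/D', $_GET['_to'])`, or build the list from integer-cast ids, e.g. `join(',', array_map('intval', explode(',', $_GET['_to'])))`, before it is placed in the statement. The enclosing block starts and ends outside the hunk.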
@@ -509,7 +504,7 @@
                        rcube_label('normal'),
                        rcube_label('high'),
                        rcube_label('highest')),
-                 array(1, 2, 0, 4, 5));
+                 array(5, 4, 0, 2, 1));
                  
   $sel = isset($_POST['_priority']) ? $_POST['_priority'] : 0;
 
@@ -559,12 +554,9 @@
 
 /****** get contacts for this user and add them to client scripts ********/
 
-$sql_result = $DB->query(sprintf("SELECT name, email
-                                  FROM   %s
-                                  WHERE  user_id=%d
-                                  AND    del!='1'",
-                                 get_table_name('contacts'),
-                                 $_SESSION['user_id']));
+$sql_result = $DB->query("SELECT name, email
+                          FROM ".get_table_name('contacts')." WHERE  user_id=?
+                          AND  del<>'1'",$_SESSION['user_id']);
                                    
 if ($DB->num_rows($sql_result))
   {        

--
Gitblit v1.9.1